This page is for people who edit and maintain this documentation site.
| Section | Use it for |
|---|---|
/start/ | Entry points for new readers (what to read first). |
/how-we-work/ | Norms, policies, and internal process (how we collaborate). |
/architecture/ | Conceptual models (systems, environments, infrastructure). |
/platforms-and-services/ | Platforms and service catalog docs (what it is + how to use it). |
/run-and-support/ | Runbooks, procedures, and troubleshooting (how to operate). |
/reference/ | Inventories and definition pages (facts, templates, lookup). |
Example (DB connectivity): DB endpoints (model) → TCP proxy (service) → TCP proxy (facts) → Proxy & routing (operate) / SQL operations (operate).
Canonical templates
Use these as the starting point for new definition pages:
src/content/docs/reference/_templates/service.mdxsrc/content/docs/reference/_templates/server.mdxsrc/content/docs/reference/_templates/domain.mdxsrc/content/docs/reference/_templates/environment.mdxRepo rules (source of truth)
Editing rules for humans and AI agents live in:
AGENTS.md
---
title: "Template: Service definition"
description: "Canonical structure for documenting one service/application."
sidebar:
hidden: true
pagefind: false
---
{/*
Purpose: Use this template for pages that document one service (an application, platform capability, or managed offering).
Rules:
- Do not invent facts. If you can’t confirm something, omit it.
- OPTIONAL sections/rows may be deleted entirely.
- Prefer removing unknown fields over leaving placeholders in committed pages.
*/}
## Overview (REQUIRED)
{/* Purpose: 1–3 sentences describing what the service is and who/what uses it. */}
## Purpose (OPTIONAL)
{/* Purpose: Short bullets describing what the service provides. */}
## Ownership & support (OPTIONAL)
{/* Purpose: Who maintains/operates the service and where requests/incidents go (only if explicitly documented). */}
## Entry points (OPTIONAL)
{/* Purpose: How users/systems access the service (URLs/hostnames, ports, protocols). No credentials. */}
## Where it runs (OPTIONAL)
{/* Purpose: Deployment location(s) for the service; link to server pages when explicitly known. */}
## Dependencies (OPTIONAL)
{/* Purpose: What this service depends on (DNS, databases, object storage, auth, upstream APIs). */}
## Data & persistence (OPTIONAL)
{/* Purpose: What data the service stores and where (only if confirmed). */}
## Access & security notes (OPTIONAL)
{/* Purpose: Confirmed access controls and auth mechanisms; link to policy pages where relevant. */}
## Operational notes (OPTIONAL)
{/* Purpose: Factual operator notes (configuration location, deploy/restart, routine maintenance). */}
## Monitoring & alerting (OPTIONAL)
{/* Purpose: Where to observe service health and what signals/alerts exist (only if confirmed). */}
## Backup & recovery (OPTIONAL)
{/* Purpose: Documented backup/restore behavior for the service’s data (only if confirmed). */}
## Known risks / failure modes (OPTIONAL)
{/* Purpose: Confirmed failure modes and symptoms; avoid speculative “best practices”. */}
## Runbooks (OPTIONAL)
{/* Purpose: Direct links to procedural docs for operating or recovering this service. */}
## Related (OPTIONAL)
{/* Purpose: Cross-links to adjacent docs; prefer Nova LinkButtons when used. */}
{/* TODO (only when needed):
- List missing info you intentionally omitted (e.g. ownership, monitoring, backups, runbooks).
*/}---
title: "Template: Server definition"
description: "Canonical structure for documenting a single server/host."
sidebar:
hidden: true
pagefind: false
---
{/*
Purpose: Use this template for pages that document one server/host (VM, bare metal, appliance).
Rules:
- Do not invent facts. If you can’t confirm something, omit it.
- OPTIONAL sections/rows may be deleted entirely.
- Prefer removing unknown fields over leaving placeholders in committed pages.
*/}
## Overview (REQUIRED)
{/* Purpose: 1–3 sentences describing what this server is and why it exists. */}
## Purpose (OPTIONAL)
{/* Purpose: Short bullets describing what this server enables/provides. */}
## Inventory (OPTIONAL)
{/* Purpose: Stable identifiers and sizing details used for operations and capacity. */}
{/* Delete any row you can’t confirm. */}
| Item | Value |
|---|---|
| Provider / platform | |
| Instance / asset ID | |
| OS | |
| vCPU | |
| RAM | |
| Disk | |
| Network identity (IP/VIP) | |
## Entry points (OPTIONAL)
{/* Purpose: How operators/systems reach this server (hostnames, ports, protocols). No credentials. */}
## Hosted services (OPTIONAL)
{/* Purpose: What services primarily run on this server; link to service pages where they exist. */}
## Dependencies (OPTIONAL)
{/* Purpose: External dependencies this server requires (DNS, storage, auth, upstream services). */}
## Operational notes (OPTIONAL)
{/* Purpose: Safe, factual operator notes (restart/reload patterns, where configs live). */}
## Monitoring & alerting (OPTIONAL)
{/* Purpose: Where to observe health and what signals/alerts exist (only if confirmed). */}
## Backup & recovery (OPTIONAL)
{/* Purpose: Documented backup/restore behavior for data on this server (only if confirmed). */}
## Known risks / failure modes (OPTIONAL)
{/* Purpose: Confirmed failure modes and symptoms; avoid speculative “best practices”. */}
## Runbooks (OPTIONAL)
{/* Purpose: Direct links to procedural docs for operating or recovering this server. */}
## Related (OPTIONAL)
{/* Purpose: Cross-links to adjacent docs; prefer Nova LinkButtons when used. */}
{/* TODO (only when needed):
- List missing info you intentionally omitted (e.g. monitoring, backups, ownership).
*/}---
title: "Template: Domain / DNS zone definition"
description: "Canonical structure for documenting one public domain or internal DNS zone."
sidebar:
hidden: true
pagefind: false
---
{/*
Purpose: Use this template for pages that document one domain (public) or one internal DNS zone.
Rules:
- Do not invent facts. If you can’t confirm something, omit it.
- OPTIONAL sections/rows may be deleted entirely.
- Prefer removing unknown fields over leaving placeholders in committed pages.
*/}
## Overview (REQUIRED)
{/* Purpose: 1–3 sentences describing what this domain/zone is used for and why it matters. */}
## Facts (OPTIONAL)
{/* Purpose: Stable identifiers and “where to manage it” pointers (no credentials). */}
{/* Delete any row you can’t confirm. */}
| Field | Value |
|---|---|
| Domain / zone | |
| Type (public domain / internal zone) | |
| Managed in (DNS UI / registrar) | |
| Authoritative DNS provider | |
| Email provider (if any) | |
| Website/app hosting (if any) | |
## Connected services (OPTIONAL)
{/* Purpose: Services that use this domain/zone and where changes typically happen (link to service pages). */}
## Key hostnames (OPTIONAL)
{/* Purpose: Important subdomains/hostnames under this domain/zone; link to service pages when available. */}
## Operational notes (OPTIONAL)
{/* Purpose: Factual change workflow notes (DNS, split-horizon, certificates). No secrets. */}
## Known risks / failure modes (OPTIONAL)
{/* Purpose: Confirmed failure modes and symptoms; avoid speculative “best practices”. */}
## Related (OPTIONAL)
{/* Purpose: Cross-links to adjacent docs; prefer Nova LinkButtons when used. */}
{/* TODO (only when needed):
- List missing info you intentionally omitted (e.g. authoritative DNS, email usage, runbooks).
*/}---
title: "Template: Environment"
description: "Canonical shape for linking the GUI/app/DB tiers of one environment."
sidebar:
hidden: true
pagefind: false
---
{/*
Purpose: Use this template for an environment-first page that ties together:
- GUI/hostname (Domains + web.core.lef)
- Application tier (service page)
- Database tier (db.lef endpoint page)
Rules:
- Do not invent facts. If you can’t confirm something, omit it.
- Prefer links to canonical tier pages over copying values.
- Register the lane in `src/data/lanes.mjs` and render Stage/Components from the registry (prevents drift).
*/}
## Overview (REQUIRED)
{/* 1–3 sentences: what this environment/lane is for and who uses it. */}
## Stage (OPTIONAL)
{/* DTAP stage (only if explicitly known). Add LAB only if explicitly known. */}
{/* Preferred (registry-driven): use <LaneStage /> in the environment page. */}
## Components (REQUIRED)
{/* Preferred (registry-driven): use <LaneComponents /> in the environment page. */}
### GUI (REQUIRED)
{/* Public/internal entry URL(s) + link to relevant Domains page(s). */}
### Application tier (REQUIRED)
{/* Link to the runtime page under `/infra/app-tiers/` and any relevant service docs (if they exist). */}
### Database tier (OPTIONAL)
{/* Link to the canonical DB endpoint page under `/infra/databases/` or `/infra/proxy/tcp-proxy/`. */}
## Notes (OPTIONAL)
### Operational notes (OPTIONAL)
{/* Factual operator notes; no secrets. */}
### Known risks / failure modes (OPTIONAL)
{/* Confirmed failure modes and symptoms. */}
{/* TODO (only when needed):
- List missing info you intentionally omitted.
*/} npm run lintnpm run lint:linksnpm run lint:integritynpm run lint:lanesnpm run buildDiagrams are written as PlantUML code fences:
---
title: Thinkwise environment
description: System context and container model for a Thinkwise environment (stable across lanes).
sidebar:
order: 20
---
import { LinkButton } from "starlight-theme-nova/components";
This page models the **Thinkwise environment** as a software system. Lanes (in [DTAP](/reference/glossary/dtap/)) are occurrences of the same system construct.
## System context
```plantuml
@startuml
!include <C4/C4_Context>
!NEW_C4_STYLE = 1
LAYOUT_TOP_DOWN()
HIDE_STEREOTYPE()
title Thinkwise environment — system context
Person(stakeholders, "Business stakeholders")
Person(delivery, "Solution architects & engineers")
Person(endUsers, "End users")
Person(ops, "LEF delivery/support")
System(twEnv, "Thinkwise Environment", "Lane instance (DTAP)")
System_Ext(entra, "Identity", "Microsoft Entra ID")
System_Ext(infra, "Shared infra enablers", "VPN, DNS, proxies, storage")
System_Ext(integrations, "External integrations")
Rel(stakeholders, twEnv, "Uses")
Rel(delivery, twEnv, "Uses")
Rel(endUsers, twEnv, "Uses")
Rel(ops, twEnv, "Uses")
Rel(twEnv, entra, "Uses")
Rel(twEnv, infra, "Uses")
Rel(twEnv, integrations, "Integrates with")
@enduml
```
{/* TODO: Link canonical integration/service pages for “external integrations” once available. */}
## Container model
Inside the Thinkwise environment boundary, we model the stable container set:
- **GUI** (web UI)
- **App/API runtime** (Indicium)
- **Database**
- **Object storage** (S3-compatible; avoid local disk as the source of truth)
```plantuml
@startuml
!include <C4/C4_Container>
!NEW_C4_STYLE = 1
LAYOUT_TOP_DOWN()
HIDE_STEREOTYPE()
title Thinkwise environment — container model
Person(user, "User")
System_Ext(reverseProxy, "Reverse proxy", "HTTP(S) ingress")
System_Ext(dns, "DNS", "Name resolution")
System_Ext(tcpProxy, "TCP proxy", "DB endpoints")
System_Ext(identity, "Identity", "Entra ID")
System_Boundary(twEnv, "Thinkwise Environment") {
Container(gui, "GUI", "Web UI", "User-facing interface")
Container(api, "App/API runtime", "Indicium", "Processing logic and APIs")
ContainerDb(db, "Database", "SQL Server", "System state")
ContainerDb(obj, "Object storage", "S3", "Files/objects")
}
Rel(user, reverseProxy, "Uses", "HTTPS")
Rel(reverseProxy, gui, "Routes", "HTTPS")
Rel(gui, api, "Calls", "HTTP(S)")
Rel(api, db, "Reads/writes", "SQL")
Rel(api, obj, "Stores/loads", "S3 API")
Rel(user, dns, "Resolves hostnames via")
Rel(api, tcpProxy, "Connects via", "SQL")
Rel(tcpProxy, db, "Routes", "SQL")
Rel(gui, identity, "Uses")
Rel(api, identity, "Uses")
@enduml
```
## Apply the aspect lens
<div class="sl-flex sl-flex-wrap sl-gap-2">
<LinkButton href="/architecture/aspects/service/" variant="secondary">Service</LinkButton>
<LinkButton href="/architecture/aspects/development/" variant="secondary">Development</LinkButton>
<LinkButton href="/architecture/aspects/delivery/" variant="secondary">Delivery</LinkButton>
<LinkButton href="/architecture/aspects/operational-management/" variant="secondary">Operational management</LinkButton>
<LinkButton href="/architecture/aspects/security/" variant="secondary">Security</LinkButton>
</div>
## Where to go next
<div class="sl-flex sl-flex-wrap sl-gap-2">
<LinkButton href="/architecture/archetypes/containers/" variant="secondary">Container archetypes</LinkButton>
<LinkButton href="/reference/environments/" variant="secondary">Environment definitions (facts)</LinkButton>
<LinkButton href="/run-and-support/infra/app-tiers/thinkwise/" variant="secondary">Indicium runtimes (operate)</LinkButton>
<LinkButton href="/run-and-support/platforms/thinkwise/" variant="secondary">Thinkwise procedures (operate)</LinkButton>
<LinkButton href="/platforms-and-services/platforms/thinkwise/" variant="secondary">Thinkwise platform docs</LinkButton>
</div>
{/* TODO:
- Capture “turn-key vs assisted vs support” responsibility boundaries once agreed (Architecture; no runbooks here).
*/}Rendering is build-time:
PLANTUML_SERVER_URL (recommended for CI and shared environments).src/assets/lef_ca.pem. If you need a different CA, set PLANTUML_CA_CERT_PATH to a PEM bundle so Node can verify TLS.PLANTUML_JAR_PATH (and ensure Java is available; optionally set PLANTUML_JAVA_CMD).PLANTUML_RENDER_MODE=skip.Rendered diagrams include a Fullscreen button with zoom controls.
hosting: external in frontmatter.*.db.lef backend routing is canonical in /reference/infra/proxy/tcp-proxy/; database endpoint pages must not duplicate backend host/port values.src/data/lanes.mjs; environment pages must render it via <LaneStage /> and <LaneComponents />.